Exemplary embodiments generally relate to computer networks and, more particularly, to detection of unauthorized intrusions into a computer network of a high value target, such as, but not limited to, a power plant.
With a heightened focus on homeland defense, the security measures in place to protect key national infrastructure elements are coming under increased scrutiny. Such key infrastructure elements include, but are not limited to, power plants, research facilities (especially those that utilize harmful materials), financial institutions, etc. Power plants in particular are vital to a nation's economy and welfare. Consequently, they represent a high value target for terrorists. The same is true of other infrastructure elements, though possibly to differing levels of importance.
A power plant, also referred to as a generating station, power station, and/or powerhouse, is an industrial facility for the generation of electric power. Power plants are used to convert other forms of energy, such as, but not limited to, chemical energy, gravitational potential energy, wind energy, or heat energy, into electrical energy. The energy source harnessed depends chiefly on which fuels are easily available and on the types of technology that the power company has access to.
Power plants vary greatly in capacity depending on the type of power plant and on historical, geographical, and economic factors. Generally, however, the power generated by a power plant is measured in multiples of the watt, typically megawatts or gigawatts.
A computer network is typically provided to assist a power plant operator in performing his/her duties in the electrical generating facility. More specifically, the computer network is used for controlling and monitoring the technical processes of the power plant. To perform its functions, the computer network is integrated throughout the power plant to allow the plant operator to control and monitor various aspects of the power plant. With advances in technology, the computer network also allows processors to monitor and operate aspects of the power plant automatically. In such cases, an operator is able to shut down a process if the process is operating improperly, but only after the operator notices an improper reading in the monitored data.
The computer network also usually has a connection allowing it to access and communicate with a plurality of computers or other electronic devices. The connection may be enabled over the Internet (through a wired or wireless access point), or through other paths, such as, but not limited to, a junction that accepts a removable module such as a USB stick or device. Though such networks are usually protected by a firewall, advances in the computer viruses and computer worms used in cyber attacks upon individual computers and computer networks mean that breaching a power plant firewall may be possible. For example, protecting a computer network is particularly challenging when trying to prevent polymorphic attacks (attacks that change in form) upon the computer network. Such attacks, which appear to originate from authorized users, could send attack traffic capable of disabling or weaponizing power plants, which could result in power outages, plant damage, and/or compromise of power plant information.
Considering the continued advancement of computer viruses and the desire of malicious individuals to use such computer programs to weaponize power plants, manufacturers, owners, and operators of power plants would realize security and financial benefits from being able to rapidly detect and repel cyber attacks upon a computer network used in operating a power plant.